Solution of session timeout in Java Web project
In Java Web development, session provides us with a lot of convenience. Session is maintained between browser and server. Session timeout is understood as: a session is created between the browser and the server. Because the client does not interact with the server for a long time (hibernation time), the server destroys this session, and the previous session does not exist when the client interacts with the server again.
0. Demand
All / Web / * * requests need to be intercepted, and the session will jump to the login page when it expires.
1. Introduction
Generally speaking, the session timeout will be configured during project use. If it is not configured, the default value is 30 minutes, that is, after the user does not operate for 30 minutes, the session will become invalid. At this time, the user needs to log in to the system again.
The session timeout is configured for the main project web XML, as follows:
2. Classification of requests
In the current project, there are two kinds of requests: one is a common request, that is, initiating a request to return to the view and model; The other is Ajax request, which mainly returns model data. When the backend processes, it will return different contents according to different requests.
For ordinary requests, we directly return to the JavaScript script, which can jump the page to the login page.
For Ajax requests, you need to return a status code other than 200, so that Ajax requests can enter the error callback function and the global Ajax error callback function ajaxerror.
3. Backend processing session timeout
The backend uses spring MVC interceptors. Why use interceptors here? On the one hand, the request URL cannot be too restrictive, such as / *, so filtering all requests is a waste of resources. On the other hand, some URLs do not need to be intercepted. For example, the request to the login page must not be intercepted, otherwise it will be redirected circularly. On the other hand, we only need to intercept the controller request, and other requests are not intercepted.
Let's take a look at the implementation of the Interceptor:
Determine whether the session timed out by obtaining whether the user object in the session exists. If the session timed out, it will be returned according to different request methods. If it is a normal request, it will directly return to the JavaScript script, which can jump the page to other URLs. If it is an Ajax request, a 401 status code is returned, and a sessiontimeout is added to the returned header, which will be used at the front end.
The interceptor is configured in the spring MVC configuration file as follows:
4. Front end processing session timeout
For ordinary requests, the back-end returns JavaScript scripts, which will be executed immediately. Here, the front-end does not need any processing.
For Ajax requests, the backend returns 401 status code and sets sessiontimeout in the header. Here, the Ajax complete callback function of jQuery is used for processing, as follows:
OK, OK. All users whose session times out will be processed.
summary
That's all for the session timeout solution of Java Web project. I hope it will help you.